metasploit | 68eedce4f4355a48e20ec7dd57dd2bd14f43e47e33d850e34986581980c5c8d5

Sharing

Copy URL

Twitter E-mail

General

Target

68eedce4f4355a48e20ec7dd57dd2bd14f43e47e33d850e34986581980c5c8d5
Size

47KB
MD5

7db248464bba10b25b36a640c50fce06
SHA1

265443455d4839b0c45bcff253bee45a501089c2
SHA256

68eedce4f4355a48e20ec7dd57dd2bd14f43e47e33d850e34986581980c5c8d5
SHA512

40504d4cb5b46d263839631fe92fee2255ae1b89d8e459f19c22d2cbf276e50f095a98aef050227e2f08b4826ad1a021d57a7a500122e9874a46efa294b1882c
SSDEEP

768:YLNslR0Pc4EGHKdNDzmzzlU/+BgAgiKU1/ZTDa+RwAt1PqcWG:XcPc4EoK65UYrHKSZfa+msPqcd

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

http://192.168.153.129:8443/q1U4Yaj1IcSdxJzF-9P7ugla_Ulldpulotjx7Vcln-uoJQtGeB_GHIB97Xf9FPxTRExtppoPCrMt77yBu-a6RJCM_bz3NHY9go6LSHB0DNkL-rc54SIbgzkCuw-NXT3fVd-jt75-Zl04TITkempXkgi8qOX7jEhI8FxwPARojwMurV-osBkjCoCCdUh696up822prooavprCu5G0J8eyDY-_GZa-rpM

Signatures

Metasploit family
metasploit

Files

68eedce4f4355a48e20ec7dd57dd2bd14f43e47e33d850e34986581980c5c8d5
.exe windows:10 windows x86 arch:x86

e086949314727e3601d7616d6f25acf0

Code Sign

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29-04-2021 19:15

Not After

28-04-2022 19:15

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:30:13:8d:93:14:84:f8:ad:53:a6:ef:06:8e:e0:39:d8:82:26:ff:2d:7b:e1:cb:b9:5c:10:8a:8c:1f:b2:a5
Signer

Actual PE Digest

49:30:13:8d:93:14:84:f8:ad:53:a6:ef:06:8e:e0:39:d8:82:26:ff:2d:7b:e1:cb:b9:5c:10:8a:8c:1f:b2:a5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-crt-l2-1-0

_initterm_e
_initterm
__wgetmainargs

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
SetProcessAffinityUpdateMode
ExitProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetErrorMode
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-crt-l1-1-0

qsort_s
memset
memcpy
memcmp
_wcsicmp

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegDisablePredefinedCacheEx
RegOpenKeyExW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable

api-ms-win-core-debug-l1-1-0

DebugBreak

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

AddAccessAllowedAce
MakeAbsoluteSD
SetSecurityDescriptorGroup
GetLengthSid
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ReleaseActCtx
CreateActCtxW
ActivateActCtx

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

RtlNtStatusToDosErrorNoTeb
TpReleaseWait
EtwEventEnabled
EtwEventWrite
RtlAllocateHeap
RtlFreeHeap
TpSetTimerEx
TpWaitForTimer
TpReleaseTimer
TpSetTimer
TpAllocTimer
RtlQueryHeapInformation
RtlNtStatusToDosError
_vsnwprintf
TpSetWait
TpAllocWait
EtwEventRegister
NtSetInformationProcess
RtlSetProcessIsCritical
RtlImageNtHeader
RtlValidSecurityDescriptor
NtQuerySystemInformation
RtlInitializeCriticalSection
RtlInitializeSid
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
RtlRunOnceExecuteOnce
RtlUnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

e086949314727e3601d7616d6f25acf0

Code Sign

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

49:30:13:8d:93:14:84:f8:ad:53:a6:ef:06:8e:e0:39:d8:82:26:ff:2d:7b:e1:cb:b9:5c:10:8a:8c:1f:b2:a5Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-crt-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-synch-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-heap-l2-1-0

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 96B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

49:30:13:8d:93:14:84:f8:ad:53:a6:ef:06:8e:e0:39:d8:82:26:ff:2d:7b:e1:cb:b9:5c:10:8a:8c:1f:b2:a5
Signer

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 96B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB